We use a number of scratch environments for development/exploration purposes, which are very useful when we’re deploying AWS CloudFormation templates through Octopus.
I wanted to “clean up” the set of deployments associated with a scratch environment today, in order to experiment with behaviour when the proverbial slate was clean.
I created a new Octopus User, created an API key and added the user to a new Team that had permissions to do the minimum that it needed to do (view some things and delete only deployments in the specific environment).
I can do all the queries I expect to be able to do (view environments, projects, deployments, releases, etc), but I cannot delete a deployment belonging to the environment.
When I try to run the delete, I get the following response from the API:
{
"ErrorMessage": "You do not have permission to perform this action. Please contact your Octopus administrator. Missing permission: DeploymentDelete",
"HelpText": "This action requires permission to delete deployments. At least one of your teams has this permission in a limited scope, but this doesn't cover the project or environment in question. Teams that have enough permission include: {one of my other teams}"
}
As far as I can see, I have all the permissions I need.
I’ve attached the permissions export from within Octopus.
I’m aware that I can create a new environment, but I’d still like the understand why I can’t delete the deployments in this environment.
I’m also aware that I could change the permissions to just allow this user to delete any deployment, but I really don’t want to do that, mostly because I don’t trust myself not to accidentally delete everything one day.
Turns out this is a bug. If the team is scoped to Dev, the user will get that error even if the deployment-to-be-deleted happened on Dev. The only current way around this is the remove the Environments scope for the team, which would instantaneouly allow it to delete deployments to all environments (totally not desired, i know).